Class TokenVerifier

java.lang.Object

com.google.auth.oauth2.TokenVerifier

public class TokenVerifier
extends Object

Handle verification of Google-signed JWT tokens.

Since:

0.21.0

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	TokenVerifier.Builder
(package private) static class	TokenVerifier.PublicKeyLoader	Custom CacheLoader for mapping certificate urls to the contained public keys.
static class	TokenVerifier.VerificationException	Custom exception for wrapping all verification errors.

Field Summary

Fields

Modifier and Type	Field	Description
private final String	audience
private final String	certificatesLocation
private final com.google.api.client.util.Clock	clock
private static final String	FEDERATED_SIGNON_CERT_URL
private static final String	IAP_CERT_URL
private final String	issuer
private final PublicKey	publicKey
private final com.google.common.cache.LoadingCache<String, Map<String, PublicKey>>	publicKeyCache
private static final Set<String>	SUPPORTED_ALGORITHMS

Constructor Summary

Constructors

Modifier	Constructor	Description
private	TokenVerifier(TokenVerifier.Builder builder)

Method Summary

Modifier and Type	Method	Description
private String	getCertificateLocation(com.google.api.client.json.webtoken.JsonWebSignature jsonWebSignature)
static TokenVerifier.Builder	newBuilder()
com.google.api.client.json.webtoken.JsonWebSignature	verify(String token)	Verify an encoded JWT token.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

IAP_CERT_URL

private static final String IAP_CERT_URL

See Also:

• Constant Field Values

FEDERATED_SIGNON_CERT_URL

private static final String FEDERATED_SIGNON_CERT_URL

See Also:

• Constant Field Values

SUPPORTED_ALGORITHMS

private static final Set<String> SUPPORTED_ALGORITHMS

audience

private final String audience

certificatesLocation

private final String certificatesLocation

issuer

private final String issuer

publicKey

private final PublicKey publicKey

clock

private final com.google.api.client.util.Clock clock

publicKeyCache

private final com.google.common.cache.LoadingCache<String, Map<String, PublicKey>> publicKeyCache

Constructor Details

TokenVerifier

private TokenVerifier(TokenVerifier.Builder builder)

Method Details

newBuilder

public static TokenVerifier.Builder newBuilder()

verify

public com.google.api.client.json.webtoken.JsonWebSignature verify(String token)
                                                            throws TokenVerifier.VerificationException

Verify an encoded JWT token.

Parameters:

token - encoded JWT token

Returns:

the parsed JsonWebSignature instance for additional validation if necessary

Throws:

TokenVerifier.VerificationException - thrown if any verification fails

getCertificateLocation

private String getCertificateLocation(com.google.api.client.json.webtoken.JsonWebSignature jsonWebSignature)
                               throws TokenVerifier.VerificationException

Throws:

TokenVerifier.VerificationException